IBM Product Security Incident Response


Archive

IBM Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Web Experience Factory

May 21, 2019 9:01 am EDT | Medium Severity

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 used by IBM Web Experience Factory. IBM Web Experience Factory has addressed the applicable CVEs. CVE(s): CVE-2018-11212, CVE-2019-2426, CVE-2018-1890 Affected product(s) and affected version(s):IBM Web Experience Factory 8.5 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10884948X-Force Database: ...read more


IBM Security Bulletin: A security vulnerability has been identified in OpenSSL, which is shipped with IBM Tivoli Network Manager IP Edition (CVE-2018-0734)

May 21, 2019 9:00 am EDT | Low Severity

OpenSSL is shipped with IBM Tivoli Network Manager IP Edition version 3.9. Information about a security vulnerability affecting Open SSL has been published here. CVE(s): CVE-2018-0734 Affected product(s) and affected version(s): IBM Tivoli Network Manager IP Edition v3.9 Fix Pack 4 & Fix Pack 5. Refer to the following reference URLs for remediation and additional ...read more


IBM Addresses Reported Intel Security Vulnerabilities

May 20, 2019 4:34 pm EDT

In May 2019, Microarchitectural Data Sampling (MDS) side channel attack variants were disclosed (CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, and CVE-2019-11091). These security vulnerabilities made public by Intel have the potential to allow an attacker running code on the same physical CPU to read other data being processed by that CPU. There are no known exploits at this ...read more


IBM Security Bulletin: API Connect V2018 is impacted by a directory traversal vulnerability in Kubernetes (CVE-2019-1002101)

May 20, 2019 9:01 am EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-1002101 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 2018.1-2018.4.1.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10882956X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158804 ...read more


IBM Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946)

May 20, 2019 9:01 am EDT | Medium Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2019-9946 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 2018.1-2018.4.1.4 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10882952X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158803 ...read more


IBM Security Bulletin: API Connect V5 is impacted by information disclosure (CVE-2018-1991)

May 20, 2019 9:00 am EDT | Low Severity

IBM API Connect has addressed the following vulnerability. CVE(s): CVE-2018-1991 Affected product(s) and affected version(s): Affected IBM API Management Affected Versions IBM API Connect 5.0.0.0-5.0.8.6 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10871970X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/154284 ...read more


IBM Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM

May 18, 2019 9:02 am EDT | High Severity

PowerKVM is affected by vulnerabilities in the Linux Kernel. IBM has now addressed these vulnerabilities. CVE(s): CVE-2018-1000026, CVE-2018-18559, CVE-2018-14634, CVE-2018-14633, CVE-2018-13405, CVE-2018-10940, CVE-2018-10883, CVE-2018-10881, CVE-2018-10879, CVE-2018-10878, CVE-2018-8781, CVE-2018-7757, CVE-2018-7740, CVE-2018-5803, CVE-2018-5344, CVE-2018-1130, CVE-2018-1094, CVE-2018-1092, CVE-2017-18344, CVE-2017-18232, CVE-2017-18208, CVE-2017-17805, CVE-2017-10661, CVE-2017-0861, CVE-2016-4913, CVE-2015-8830, CVE-2019-6974, CVE-2018-17972, CVE-2018-9568 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the ...read more


IBM Security Bulletin: A vulnerability in libsoup affects PowerKVM

May 18, 2019 9:01 am EDT | Medium Severity

PowerKVM is affected by a vulnerability in libsoup. IBM has now addressed this vulnerability. CVE(s): CVE-2018-12910 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10879787X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/147348 ...read more


IBM Security Bulletin: A vulnerability in OpenWSMAN affects PowerKVM

May 18, 2019 9:01 am EDT | High Severity

PowerKVM is affected by a vulnerability in OpenWSMAN. IBM has now addressed this vulnerability. CVE(s): CVE-2019-3816 Affected product(s) and affected version(s): PowerKVM 3.1 Refer to the following reference URLs for remediation and additional vulnerability details:Source Bulletin: http://www.ibm.com/support/docview.wss?uid=ibm10879789X-Force Database: https://exchange.xforce.ibmcloud.com/vulnerabilities/158792 ...read more